Performing a tracert on the IP where the servers are hosted?

[iam117]

Yeah, first post and my first topic, but nothing came up when I searched 'tracert' so I thought it was worth a go.

If you perform a tracert on the IP where the servers are hosted (206.16.223.61), you immediately go to another IP which is Microsoft owned in Redmond, Washington (63.240.201.181).

Code: Select all

 IP Address  	 Country (Short)  	 Country (Full)   	 Region  	     City  	                ISP  	
63.240.201.181	       US	         UNITED STATES     WASHINGTON	      REDMOND	           MICROSOFT CORPORATION 	

There's nothing on the IP, but I thought it was worth a mention for the future. Ideas or constructive criticism is more than welcome. Just don't flame me too hard.

The full tracert is here:

Result for 206.16.223.61:

traceroute to 206.16.223.61 (206.16.223.61), 64 hops max, 44 byte packets
1 giga-2.enst.fr (137.194.2.254) 0.417 ms 0.326 ms 0.342 ms
2 gw-enst-cogent.enst.fr (137.194.4.253) 0.771 ms 0.744 ms 0.632 ms
3 g3-0-0-228.core01.par04.atlas.cogentco.com (149.6.164.1) 1.876 ms 1.482 ms 2.623 ms
4 p12-0.core01.par01.atlas.cogentco.com (130.117.1.238) 3.166 ms 2.415 ms 2.342 ms
5 p14-0.core02.dca01.atlas.cogentco.com (66.28.4.206) 81.364 ms 81.849 ms 83.209 ms
6 t4-3.mpd01.dca01.atlas.cogentco.com (154.54.5.57) 83.067 ms * 83.082 ms
7 t8-3.mpd01.dca02.atlas.cogentco.com (154.54.6.198) 84.242 ms 82.935 ms 84.999 ms
8 t1-2.mpd01.iad01.atlas.cogentco.com (154.54.7.158) 83.632 ms 84.711 ms 83.461 ms
9 g14-0-0-3493.core01.iad01.atlas.cogentco.com (154.54.5.37) 83.348 ms 83.574 ms 83.200 ms
10 gr1-a3110s1.attga.ip.att.net (192.205.33.201) 97.008 ms 84.348 ms 90.336 ms
11 tbr2.wswdc.ip.att.net (12.123.8.190) 86.368 ms 86.338 ms 86.354 ms
12 12.123.8.21 (12.123.8.21) 86.280 ms 86.155 ms 84.889 ms
13 12.122.255.50 (12.122.255.50) 87.483 ms 87.628 ms 86.024 ms
14 * * *
15 63.240.201.181 (63.240.201.181) 85.918 ms !X * 85.580 ms !X

[DHalo]

Most people don't call it a tracert. Most people call it a DNS or Whois lookup. If you searched the forum for Whois, or Redmond, you would have found a few posts. Since the info has been found, a mod can lock this. Old But Good Job Finding It On Your Own (OBGJFIYO)!

[iam117]

Heh, that could explain it then. Thanks.

[scapermoya]

Most people don't call it a tracert. Most people call it a DNS or Whois lookup. If you searched the forum for Whois, or Redmond, you would have found a few posts. Since the info has been found, a mod can lock this. Old But Good Job Finding It On Your Own (OBGJFIYO)!

don't mean to burst your bubble, but you are totally and completely wrong. a tracert is an analysis of the route between your computer and any other computer on the internet. it shows the routers, etc that packets travel through on their way to their destination. it isn't called anything else.

a whois lookup is looking up who OWNS a particular IP, with zero regard to the IP's relative place on the internet. whois will give you names and phone numbers, but it won't give you any information on how packets find their way there.

it isn't surprising that a tracert reveals more than one microsoft IP. they own quite a few, and they are most certainly on the backbone. good find.

[Xastabus]

I know this thread has been open for some time and I have neglected to say anything about it so far. I feel I must finally come forward with an advisement. Please listen to what I have to say, I am a Network Administrator and I know what I'm talking about. I manage my company's firewalls, I doubt Microsoft and Bungie do things any differently.

Do not continue in this thread of research.
Network scanning activities such as Trace Route and Ping are relatively harmless when performed by a single person, but these tools can cause problems at the target end if thousands of computers are running them at the same time. Other activities such as port scanning can be considered attempts to breach the target's network security, and if the target has an aggressive firewall this can get your IP blocked.
If enough people are trying to use these tools at once the target will be unavailable for legitimate use, meaning no one will be able to reach the Forerunner Server websites. Depending on how their network is setup this effect could possibly block access to all ARG related content hosted by Microsoft. This is what is known as a Denial of Service (DoS) Attack.

So far we have seen that when a link is found early there is no content at the site until the actual date the link was intended to be found. We can probably expect this trend to continue through to the conclusion of the ARG. Absolutely no information about the ARG is likely to be acquired through any network detection or hacking methods. The only thing this shows us is that the content is being hosted by Microsoft, which we already knew from the WhoIS information.

So please don't spam the ARG sites with unnecessary traffic in an attempt to find something, we probably won't learn anything useful from it and it isn't worth the risk of preventing access to the servers.

Please lock this thread.

[Van Helsing]

Wise words Xastabus,

I hope people reading this who were perhaps thinking of running IP tools heed this information and stop.


Locked.